Anti-dupe and filter bugs fixed
nokonoko committed Jan 22, 2022
1 parent 45bc029 commit 0a3934c
Showing 2 changed files with 46 additions and 40 deletions.
3 changes: 1 addition & 2 deletions static/php/includes/Core.namespace.php
@@ -327,7 +327,7 @@ public function antiDupe()
$q->execute();
$result = $q->fetch();
if ($result['count'] > 0) {
Upload::$NEW_NAME_FULL = $result['filename'];
return $result['filename'];
}
} catch (Exception) {
throw new Exception('Cant check for dupes in DB.', 500);
@@ -359,4 +359,3 @@ public function newIntoDB()
}
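Review bot: `antiDupe()` declares no return type, and on the path where `count` is 0 no return statement is visible in this hunk, so the `isset($result)` test in `uploadFile()` depends on an implicit null. Stating the contract would make that dependency explicit: `public function antiDupe(): ?string` with a closing `return null;`. The `catch (Exception)` block also discards the original error; capturing it and passing it as the third argument (`previous`) of the new `Exception` would keep the database failure available for logging. The function starts and ends outside the hunk, so confirm there is no later return before applying this.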



83 changes: 45 additions & 38 deletions static/php/includes/Upload.class.php
@@ -72,13 +72,29 @@ public function diverseArray($files): array
public function uploadFile(): array
{
(new Settings())->loadConfig();
(new Upload())->fileInfo();

if (Settings::$ANTI_DUPE) {
(new Database())->antiDupe();
if (Settings::$BLACKLIST_DB) {
(new Database())->checkFileBlacklist();
}

(new Upload())->generateName();
if (Settings::$FILTER_MODE) {
self::checkMimeBlacklist();
self::checkExtensionBlacklist();
}

if (Settings::$ANTI_DUPE) {
$result = (new Database())->antiDupe();
if (isset($result)) {
self::$NEW_NAME_FULL = $result;
} else {
(new Upload())->generateName();
}
}

if (!Settings::$ANTI_DUPE) {
(new Upload())->generateName();
}

if (!is_dir(Settings::$FILES_ROOT)) {
throw new Exception('File storage path not accessible.', 500);
@@ -107,12 +123,13 @@ public function uploadFile(): array
'size' => self::$FILE_SIZE
];
}

public function fileInfo()
{
if (isset($_FILES['files'])) {
$finfo = finfo_open(FILEINFO_MIME_TYPE);
self::$FILE_MIME = finfo_file($finfo, self::$TEMP_FILE);
$extension = explode('.',self::$FILE_NAME,2);
$extension = explode('.', self::$FILE_NAME, 2);
self::$FILE_EXTENSION = $extension['1'];
finfo_close($finfo);

@@ -123,13 +140,32 @@ public function fileInfo()
}
}
}

/**
* @throws Exception
*/
public function generateName(): string
public function checkMimeBlacklist()
{
(new Upload())->fileInfo();
if (in_array(self::$FILE_MIME, Settings::$BLOCKED_MIME)) {
throw new Exception('Filetype not allowed.', 415);
}
}

/**
* @throws Exception
*/
public function checkExtensionBlacklist()
{
if (in_array(self::$FILE_EXTENSION, Settings::$BLOCKED_EXTENSIONS)) {
throw new Exception('Filetype not allowed.', 415);
}
}

/**
* @throws Exception
*/
public function generateName(): string
{
do {
if (Settings::$FILES_RETRIES === 0) {
throw new Exception('Gave up trying to find an unused name!', 500);
@@ -140,41 +176,12 @@ public function generateName(): string
self::$NEW_NAME .= Settings::$ID_CHARSET[mt_rand(0, strlen(Settings::$ID_CHARSET))];
}

if(isset(self::$FILE_EXTENSION)){
if (isset(self::$FILE_EXTENSION)) {
self::$NEW_NAME_FULL = self::$NEW_NAME;
self::$NEW_NAME_FULL .= '.'.self::$FILE_EXTENSION;
}

if (Settings::$BLACKLIST_DB) {
(new Database())->checkFileBlacklist();
}

if (Settings::$FILTER_MODE) {
self::checkMimeBlacklist();
self::checkExtensionBlacklist();
self::$NEW_NAME_FULL .= '.' . self::$FILE_EXTENSION;
}
} while ((new Database())->dbCheckNameExists() > 0);

return self::$NEW_NAME_FULL;
}

/**
* @throws Exception
*/
public function checkMimeBlacklist()
{
if (in_array(self::$FILE_MIME, Settings::$BLOCKED_MIME)) {
throw new Exception('Filetype not allowed.', 415);
}
}

/**
* @throws Exception
*/
public function checkExtensionBlacklist()
{
if (in_array(self::$FILE_EXTENSION, Settings::$BLOCKED_EXTENSIONS)) {
throw new Exception('Filetype not allowed.', 415);
}
}
}
}
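Review bot: The extension filter that `uploadFile()` now runs before naming still compares the whole suffix, because `fileInfo()` keeps everything after the first dot (`explode('.', self::$FILE_NAME, 2)`) and `checkExtensionBlacklist()` tests that string with a non-strict `in_array`. A name with more than one dot yields a multi-part value such as `tar.gz`, which never equals a single entry in `Settings::$BLOCKED_EXTENSIONS`, and `generateName()` then appends the full suffix to the stored name. Checking every segment closes that gap, for example `if (array_intersect(explode('.', strtolower(self::$FILE_EXTENSION)), Settings::$BLOCKED_EXTENSIONS)) {`, assuming the list holds lower-case entries and with a guard for names that contain no dot (where `$extension['1']` is undefined). Separately, the unchanged line `mt_rand(0, strlen(Settings::$ID_CHARSET))` in `generateName()` can index one past the end of the charset and is not a CSPRNG; `random_int(0, strlen(Settings::$ID_CHARSET) - 1)` addresses both. These functions are only partly visible across the hunks, so verify against the full file.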
